Search criteria
11 vulnerabilities found for rsync by rsync
CVE-2025-10158 (GCVE-0-2025-10158)
Vulnerability from cvelistv5 – Published: 2025-11-18 14:24 – Updated: 2025-11-19 16:48
VLAI?
Summary
A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a negative array index. The
malicious
rsync client requires at least read access to the remote rsync module in order to trigger the issue.
Severity ?
4.3 (Medium)
CWE
- CWE-129 - Improper Validation of Array Index
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Credits
Calum Hutton
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-10158",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-19T16:15:02.998218Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-19T16:48:56.591Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "rsync",
"vendor": "rsync",
"versions": [
{
"lessThanOrEqual": "3.4.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Calum Hutton"
}
],
"datePublic": "2025-11-18T14:20:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a negative array index. The \n\nmalicious \n\nrsync client requires at least read access to the remote rsync module in order to trigger the issue."
}
],
"value": "A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a negative array index. The \n\nmalicious \n\nrsync client requires at least read access to the remote rsync module in order to trigger the issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-129",
"description": "CWE-129 Improper Validation of Array Index",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-18T14:45:58.065Z",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/RsyncProject/rsync/commit/797e17fc4a6f15e3b1756538a9f812b63942686f"
},
{
"tags": [
"technical-description"
],
"url": "https://attackerkb.com/assessments/fbacb2a6-d1cd-4011-bb3a-f06b1c8306b1"
}
],
"source": {
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "en",
"time": "2025-03-19T06:11:00.000Z",
"value": "Rapid7 makes initial outreach to rsync maintainers"
},
{
"lang": "en",
"time": "2025-03-19T10:04:00.000Z",
"value": "Rsync maintainers confirm outreach"
},
{
"lang": "en",
"time": "2025-03-20T10:34:00.000Z",
"value": "Rapid7 provides rsync maintainers a technical writeup and PoC to reproduce the issue"
},
{
"lang": "en",
"time": "2025-04-02T03:05:00.000Z",
"value": "Rapid7 requests confirmation of findings"
},
{
"lang": "en",
"time": "2025-04-06T09:30:00.000Z",
"value": "Rsync maintainers indicate more time is needed"
},
{
"lang": "en",
"time": "2025-04-16T05:31:00.000Z",
"value": "Rsync maintainers reproduce the issue and dispute its security impact due to uncertainty around viability of heap manipulation during exploitation"
},
{
"lang": "en",
"time": "2025-04-17T01:56:00.000Z",
"value": "Rapid7 indicates manipulating the heap is nuanced and CVE assignment is both prudent and best practice in this instance"
},
{
"lang": "en",
"time": "2025-05-07T09:08:00.000Z",
"value": "Rapid7 requests an update"
},
{
"lang": "en",
"time": "2025-05-12T06:08:00.000Z",
"value": "Rsync maintainers indicate a pull request to fix the issue is forthcoming"
},
{
"lang": "en",
"time": "2025-05-28T09:40:00.000Z",
"value": "Rapid7 requests an update"
},
{
"lang": "en",
"time": "2025-06-17T04:19:00.000Z",
"value": "Rapid7 requests an update"
},
{
"lang": "en",
"time": "2025-08-18T11:59:00.000Z",
"value": "Rapid7 requests an update"
},
{
"lang": "en",
"time": "2025-08-23T09:17:00.000Z",
"value": "Rsync maintainers indicate a pull request to remediate the issue has been made and a feature release is forthcoming"
},
{
"lang": "en",
"time": "2025-09-02T04:23:00.000Z",
"value": "Rapid7 indicates intention to assign a CVE and perform a coordinated disclosure with the rsync maintainers upon the upcoming feature release"
},
{
"lang": "en",
"time": "2025-09-09T11:18:00.000Z",
"value": "Rapid7 provides rsync maintainers a reserved CVE identifier and requests the date for the expected feature release"
},
{
"lang": "en",
"time": "2025-11-11T04:42:00.000Z",
"value": "Rapid7 indicates intention to publish the CVE record on November 18, 2025."
},
{
"lang": "en",
"time": "2025-11-18T14:00:00.000Z",
"value": "This disclosure"
}
],
"title": "Rsync: Out of bounds array access via negative index",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2025-10158",
"datePublished": "2025-11-18T14:24:19.210Z",
"dateReserved": "2025-09-09T11:15:17.585Z",
"dateUpdated": "2025-11-19T16:48:56.591Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2007-6199 (GCVE-0-2007-6199)
Vulnerability from cvelistv5 – Published: 2007-12-01 01:00 – Updated: 2024-08-07 15:54
VLAI?
Summary
rsync before 3.0.0pre6, when running a writable rsync daemon that is not using chroot, allows remote attackers to access restricted files via unknown vectors that cause rsync to create a symlink that points outside of the module's hierarchy.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:54:27.071Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "28412",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28412"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15549.html"
},
{
"name": "ADV-2007-4057",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/4057"
},
{
"name": "APPLE-SA-2008-07-31",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
},
{
"name": "ADV-2008-2268",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2268"
},
{
"name": "27853",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27853"
},
{
"name": "20080212 FLEA-2008-0004-1 rsync",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/487991/100/0/threaded"
},
{
"name": "27863",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27863"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://rsync.samba.org/security.html#s3_0_0"
},
{
"name": "61005",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61005"
},
{
"name": "28457",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28457"
},
{
"name": "MDVSA-2008:011",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:011"
},
{
"name": "31326",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31326"
},
{
"name": "26638",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26638"
},
{
"name": "1019012",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1019012"
},
{
"name": "SUSE-SR:2008:001",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-11-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "rsync before 3.0.0pre6, when running a writable rsync daemon that is not using chroot, allows remote attackers to access restricted files via unknown vectors that cause rsync to create a symlink that points outside of the module\u0027s hierarchy."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "28412",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28412"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15549.html"
},
{
"name": "ADV-2007-4057",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/4057"
},
{
"name": "APPLE-SA-2008-07-31",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
},
{
"name": "ADV-2008-2268",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2268"
},
{
"name": "27853",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27853"
},
{
"name": "20080212 FLEA-2008-0004-1 rsync",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/487991/100/0/threaded"
},
{
"name": "27863",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27863"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://rsync.samba.org/security.html#s3_0_0"
},
{
"name": "61005",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61005"
},
{
"name": "28457",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28457"
},
{
"name": "MDVSA-2008:011",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:011"
},
{
"name": "31326",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31326"
},
{
"name": "26638",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26638"
},
{
"name": "1019012",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1019012"
},
{
"name": "SUSE-SR:2008:001",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6199",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "rsync before 3.0.0pre6, when running a writable rsync daemon that is not using chroot, allows remote attackers to access restricted files via unknown vectors that cause rsync to create a symlink that points outside of the module\u0027s hierarchy."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "28412",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28412"
},
{
"name": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15549.html",
"refsource": "CONFIRM",
"url": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15549.html"
},
{
"name": "ADV-2007-4057",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/4057"
},
{
"name": "APPLE-SA-2008-07-31",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
},
{
"name": "ADV-2008-2268",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2268"
},
{
"name": "27853",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27853"
},
{
"name": "20080212 FLEA-2008-0004-1 rsync",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/487991/100/0/threaded"
},
{
"name": "27863",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27863"
},
{
"name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257",
"refsource": "CONFIRM",
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257"
},
{
"name": "http://rsync.samba.org/security.html#s3_0_0",
"refsource": "CONFIRM",
"url": "http://rsync.samba.org/security.html#s3_0_0"
},
{
"name": "61005",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61005"
},
{
"name": "28457",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28457"
},
{
"name": "MDVSA-2008:011",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:011"
},
{
"name": "31326",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31326"
},
{
"name": "26638",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26638"
},
{
"name": "1019012",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1019012"
},
{
"name": "SUSE-SR:2008:001",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-6199",
"datePublished": "2007-12-01T01:00:00",
"dateReserved": "2007-11-30T00:00:00",
"dateUpdated": "2024-08-07T15:54:27.071Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-6200 (GCVE-0-2007-6200)
Vulnerability from cvelistv5 – Published: 2007-12-01 01:00 – Updated: 2024-08-07 15:54
VLAI?
Summary
Unspecified vulnerability in rsync before 3.0.0pre6, when running a writable rsync daemon, allows remote attackers to bypass exclude, exclude_from, and filter and read or write hidden files via (1) symlink, (2) partial-dir, (3) backup-dir, and unspecified (4) dest options.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:54:27.082Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "28412",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28412"
},
{
"name": "ADV-2007-4057",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/4057"
},
{
"name": "APPLE-SA-2008-07-31",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
},
{
"name": "RHSA-2011:0999",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0999.html"
},
{
"name": "26639",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26639"
},
{
"name": "ADV-2008-2268",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2268"
},
{
"name": "27853",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27853"
},
{
"name": "20080212 FLEA-2008-0004-1 rsync",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/487991/100/0/threaded"
},
{
"name": "27863",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27863"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://rsync.samba.org/security.html#s3_0_0"
},
{
"name": "28457",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28457"
},
{
"name": "MDVSA-2008:011",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:011"
},
{
"name": "31326",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31326"
},
{
"name": "1019012",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1019012"
},
{
"name": "SUSE-SR:2008:001",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-11-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in rsync before 3.0.0pre6, when running a writable rsync daemon, allows remote attackers to bypass exclude, exclude_from, and filter and read or write hidden files via (1) symlink, (2) partial-dir, (3) backup-dir, and unspecified (4) dest options."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "28412",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28412"
},
{
"name": "ADV-2007-4057",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/4057"
},
{
"name": "APPLE-SA-2008-07-31",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
},
{
"name": "RHSA-2011:0999",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0999.html"
},
{
"name": "26639",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26639"
},
{
"name": "ADV-2008-2268",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2268"
},
{
"name": "27853",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27853"
},
{
"name": "20080212 FLEA-2008-0004-1 rsync",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/487991/100/0/threaded"
},
{
"name": "27863",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27863"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://rsync.samba.org/security.html#s3_0_0"
},
{
"name": "28457",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28457"
},
{
"name": "MDVSA-2008:011",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:011"
},
{
"name": "31326",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31326"
},
{
"name": "1019012",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1019012"
},
{
"name": "SUSE-SR:2008:001",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6200",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in rsync before 3.0.0pre6, when running a writable rsync daemon, allows remote attackers to bypass exclude, exclude_from, and filter and read or write hidden files via (1) symlink, (2) partial-dir, (3) backup-dir, and unspecified (4) dest options."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "28412",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28412"
},
{
"name": "ADV-2007-4057",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/4057"
},
{
"name": "APPLE-SA-2008-07-31",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
},
{
"name": "RHSA-2011:0999",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0999.html"
},
{
"name": "26639",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26639"
},
{
"name": "ADV-2008-2268",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2268"
},
{
"name": "27853",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27853"
},
{
"name": "20080212 FLEA-2008-0004-1 rsync",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/487991/100/0/threaded"
},
{
"name": "27863",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27863"
},
{
"name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257",
"refsource": "CONFIRM",
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257"
},
{
"name": "http://rsync.samba.org/security.html#s3_0_0",
"refsource": "CONFIRM",
"url": "http://rsync.samba.org/security.html#s3_0_0"
},
{
"name": "28457",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28457"
},
{
"name": "MDVSA-2008:011",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:011"
},
{
"name": "31326",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31326"
},
{
"name": "1019012",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1019012"
},
{
"name": "SUSE-SR:2008:001",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-6200",
"datePublished": "2007-12-01T01:00:00",
"dateReserved": "2007-11-30T00:00:00",
"dateUpdated": "2024-08-07T15:54:27.082Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4091 (GCVE-0-2007-4091)
Vulnerability from cvelistv5 – Published: 2007-08-16 00:00 – Updated: 2024-08-07 14:46
VLAI?
Summary
Multiple off-by-one errors in the sender.c in rsync 2.6.9 might allow remote attackers to execute arbitrary code via directory names that are not properly handled when calling the f_name function.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:46:38.629Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "27896",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27896"
},
{
"name": "GLSA-200709-13",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200709-13.xml"
},
{
"name": "26822",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26822"
},
{
"name": "rsync-fname-bo(36072)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36072"
},
{
"name": "USN-500-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-500-1"
},
{
"name": "26493",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26493"
},
{
"name": "61039",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61039"
},
{
"name": "26634",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26634"
},
{
"name": "SUSE-SR:2007:017",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2007_17_sr.html"
},
{
"name": "26543",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26543"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.rpath.com/browse/RPL-1647"
},
{
"name": "20070823 FLEA-2007-0047-1 rsync",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/477628/100/0/threaded"
},
{
"name": "DSA-1360",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2007/dsa-1360"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://article.gmane.org/gmane.linux.debian.devel.bugs.general/291908"
},
{
"name": "SSA:2007-335-01",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE",
"x_transferred"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.481089"
},
{
"name": "2007-0026",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX",
"x_transferred"
],
"url": "http://www.trustix.org/errata/2007/0026/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://c-skills.blogspot.com/2007/08/cve-2007-4091.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15548.html"
},
{
"name": "25336",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25336"
},
{
"name": "26537",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26537"
},
{
"name": "ADV-2007-2915",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2915"
},
{
"name": "26518",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26518"
},
{
"name": "26548",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26548"
},
{
"name": "26911",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26911"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-08-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple off-by-one errors in the sender.c in rsync 2.6.9 might allow remote attackers to execute arbitrary code via directory names that are not properly handled when calling the f_name function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "27896",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27896"
},
{
"name": "GLSA-200709-13",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200709-13.xml"
},
{
"name": "26822",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26822"
},
{
"name": "rsync-fname-bo(36072)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36072"
},
{
"name": "USN-500-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-500-1"
},
{
"name": "26493",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26493"
},
{
"name": "61039",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61039"
},
{
"name": "26634",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26634"
},
{
"name": "SUSE-SR:2007:017",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2007_17_sr.html"
},
{
"name": "26543",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26543"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.rpath.com/browse/RPL-1647"
},
{
"name": "20070823 FLEA-2007-0047-1 rsync",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/477628/100/0/threaded"
},
{
"name": "DSA-1360",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2007/dsa-1360"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://article.gmane.org/gmane.linux.debian.devel.bugs.general/291908"
},
{
"name": "SSA:2007-335-01",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.481089"
},
{
"name": "2007-0026",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX"
],
"url": "http://www.trustix.org/errata/2007/0026/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://c-skills.blogspot.com/2007/08/cve-2007-4091.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15548.html"
},
{
"name": "25336",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25336"
},
{
"name": "26537",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26537"
},
{
"name": "ADV-2007-2915",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2915"
},
{
"name": "26518",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26518"
},
{
"name": "26548",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26548"
},
{
"name": "26911",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26911"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4091",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple off-by-one errors in the sender.c in rsync 2.6.9 might allow remote attackers to execute arbitrary code via directory names that are not properly handled when calling the f_name function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "27896",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27896"
},
{
"name": "GLSA-200709-13",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200709-13.xml"
},
{
"name": "26822",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26822"
},
{
"name": "rsync-fname-bo(36072)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36072"
},
{
"name": "USN-500-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-500-1"
},
{
"name": "26493",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26493"
},
{
"name": "61039",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61039"
},
{
"name": "26634",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26634"
},
{
"name": "SUSE-SR:2007:017",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_17_sr.html"
},
{
"name": "26543",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26543"
},
{
"name": "https://issues.rpath.com/browse/RPL-1647",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-1647"
},
{
"name": "20070823 FLEA-2007-0047-1 rsync",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/477628/100/0/threaded"
},
{
"name": "DSA-1360",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1360"
},
{
"name": "http://article.gmane.org/gmane.linux.debian.devel.bugs.general/291908",
"refsource": "CONFIRM",
"url": "http://article.gmane.org/gmane.linux.debian.devel.bugs.general/291908"
},
{
"name": "SSA:2007-335-01",
"refsource": "SLACKWARE",
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.481089"
},
{
"name": "2007-0026",
"refsource": "TRUSTIX",
"url": "http://www.trustix.org/errata/2007/0026/"
},
{
"name": "http://c-skills.blogspot.com/2007/08/cve-2007-4091.html",
"refsource": "CONFIRM",
"url": "http://c-skills.blogspot.com/2007/08/cve-2007-4091.html"
},
{
"name": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15548.html",
"refsource": "CONFIRM",
"url": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15548.html"
},
{
"name": "25336",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25336"
},
{
"name": "26537",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26537"
},
{
"name": "ADV-2007-2915",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2915"
},
{
"name": "26518",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26518"
},
{
"name": "26548",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26548"
},
{
"name": "26911",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26911"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4091",
"datePublished": "2007-08-16T00:00:00",
"dateReserved": "2007-07-30T00:00:00",
"dateUpdated": "2024-08-07T14:46:38.629Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-10158 (GCVE-0-2025-10158)
Vulnerability from nvd – Published: 2025-11-18 14:24 – Updated: 2025-11-19 16:48
VLAI?
Summary
A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a negative array index. The
malicious
rsync client requires at least read access to the remote rsync module in order to trigger the issue.
Severity ?
4.3 (Medium)
CWE
- CWE-129 - Improper Validation of Array Index
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Credits
Calum Hutton
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-10158",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-19T16:15:02.998218Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-19T16:48:56.591Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "rsync",
"vendor": "rsync",
"versions": [
{
"lessThanOrEqual": "3.4.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Calum Hutton"
}
],
"datePublic": "2025-11-18T14:20:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a negative array index. The \n\nmalicious \n\nrsync client requires at least read access to the remote rsync module in order to trigger the issue."
}
],
"value": "A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a negative array index. The \n\nmalicious \n\nrsync client requires at least read access to the remote rsync module in order to trigger the issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-129",
"description": "CWE-129 Improper Validation of Array Index",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-18T14:45:58.065Z",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/RsyncProject/rsync/commit/797e17fc4a6f15e3b1756538a9f812b63942686f"
},
{
"tags": [
"technical-description"
],
"url": "https://attackerkb.com/assessments/fbacb2a6-d1cd-4011-bb3a-f06b1c8306b1"
}
],
"source": {
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "en",
"time": "2025-03-19T06:11:00.000Z",
"value": "Rapid7 makes initial outreach to rsync maintainers"
},
{
"lang": "en",
"time": "2025-03-19T10:04:00.000Z",
"value": "Rsync maintainers confirm outreach"
},
{
"lang": "en",
"time": "2025-03-20T10:34:00.000Z",
"value": "Rapid7 provides rsync maintainers a technical writeup and PoC to reproduce the issue"
},
{
"lang": "en",
"time": "2025-04-02T03:05:00.000Z",
"value": "Rapid7 requests confirmation of findings"
},
{
"lang": "en",
"time": "2025-04-06T09:30:00.000Z",
"value": "Rsync maintainers indicate more time is needed"
},
{
"lang": "en",
"time": "2025-04-16T05:31:00.000Z",
"value": "Rsync maintainers reproduce the issue and dispute its security impact due to uncertainty around viability of heap manipulation during exploitation"
},
{
"lang": "en",
"time": "2025-04-17T01:56:00.000Z",
"value": "Rapid7 indicates manipulating the heap is nuanced and CVE assignment is both prudent and best practice in this instance"
},
{
"lang": "en",
"time": "2025-05-07T09:08:00.000Z",
"value": "Rapid7 requests an update"
},
{
"lang": "en",
"time": "2025-05-12T06:08:00.000Z",
"value": "Rsync maintainers indicate a pull request to fix the issue is forthcoming"
},
{
"lang": "en",
"time": "2025-05-28T09:40:00.000Z",
"value": "Rapid7 requests an update"
},
{
"lang": "en",
"time": "2025-06-17T04:19:00.000Z",
"value": "Rapid7 requests an update"
},
{
"lang": "en",
"time": "2025-08-18T11:59:00.000Z",
"value": "Rapid7 requests an update"
},
{
"lang": "en",
"time": "2025-08-23T09:17:00.000Z",
"value": "Rsync maintainers indicate a pull request to remediate the issue has been made and a feature release is forthcoming"
},
{
"lang": "en",
"time": "2025-09-02T04:23:00.000Z",
"value": "Rapid7 indicates intention to assign a CVE and perform a coordinated disclosure with the rsync maintainers upon the upcoming feature release"
},
{
"lang": "en",
"time": "2025-09-09T11:18:00.000Z",
"value": "Rapid7 provides rsync maintainers a reserved CVE identifier and requests the date for the expected feature release"
},
{
"lang": "en",
"time": "2025-11-11T04:42:00.000Z",
"value": "Rapid7 indicates intention to publish the CVE record on November 18, 2025."
},
{
"lang": "en",
"time": "2025-11-18T14:00:00.000Z",
"value": "This disclosure"
}
],
"title": "Rsync: Out of bounds array access via negative index",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2025-10158",
"datePublished": "2025-11-18T14:24:19.210Z",
"dateReserved": "2025-09-09T11:15:17.585Z",
"dateUpdated": "2025-11-19T16:48:56.591Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2007-6199 (GCVE-0-2007-6199)
Vulnerability from nvd – Published: 2007-12-01 01:00 – Updated: 2024-08-07 15:54
VLAI?
Summary
rsync before 3.0.0pre6, when running a writable rsync daemon that is not using chroot, allows remote attackers to access restricted files via unknown vectors that cause rsync to create a symlink that points outside of the module's hierarchy.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:54:27.071Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "28412",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28412"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15549.html"
},
{
"name": "ADV-2007-4057",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/4057"
},
{
"name": "APPLE-SA-2008-07-31",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
},
{
"name": "ADV-2008-2268",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2268"
},
{
"name": "27853",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27853"
},
{
"name": "20080212 FLEA-2008-0004-1 rsync",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/487991/100/0/threaded"
},
{
"name": "27863",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27863"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://rsync.samba.org/security.html#s3_0_0"
},
{
"name": "61005",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61005"
},
{
"name": "28457",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28457"
},
{
"name": "MDVSA-2008:011",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:011"
},
{
"name": "31326",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31326"
},
{
"name": "26638",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26638"
},
{
"name": "1019012",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1019012"
},
{
"name": "SUSE-SR:2008:001",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-11-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "rsync before 3.0.0pre6, when running a writable rsync daemon that is not using chroot, allows remote attackers to access restricted files via unknown vectors that cause rsync to create a symlink that points outside of the module\u0027s hierarchy."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "28412",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28412"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15549.html"
},
{
"name": "ADV-2007-4057",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/4057"
},
{
"name": "APPLE-SA-2008-07-31",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
},
{
"name": "ADV-2008-2268",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2268"
},
{
"name": "27853",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27853"
},
{
"name": "20080212 FLEA-2008-0004-1 rsync",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/487991/100/0/threaded"
},
{
"name": "27863",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27863"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://rsync.samba.org/security.html#s3_0_0"
},
{
"name": "61005",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61005"
},
{
"name": "28457",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28457"
},
{
"name": "MDVSA-2008:011",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:011"
},
{
"name": "31326",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31326"
},
{
"name": "26638",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26638"
},
{
"name": "1019012",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1019012"
},
{
"name": "SUSE-SR:2008:001",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6199",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "rsync before 3.0.0pre6, when running a writable rsync daemon that is not using chroot, allows remote attackers to access restricted files via unknown vectors that cause rsync to create a symlink that points outside of the module\u0027s hierarchy."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "28412",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28412"
},
{
"name": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15549.html",
"refsource": "CONFIRM",
"url": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15549.html"
},
{
"name": "ADV-2007-4057",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/4057"
},
{
"name": "APPLE-SA-2008-07-31",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
},
{
"name": "ADV-2008-2268",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2268"
},
{
"name": "27853",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27853"
},
{
"name": "20080212 FLEA-2008-0004-1 rsync",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/487991/100/0/threaded"
},
{
"name": "27863",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27863"
},
{
"name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257",
"refsource": "CONFIRM",
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257"
},
{
"name": "http://rsync.samba.org/security.html#s3_0_0",
"refsource": "CONFIRM",
"url": "http://rsync.samba.org/security.html#s3_0_0"
},
{
"name": "61005",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61005"
},
{
"name": "28457",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28457"
},
{
"name": "MDVSA-2008:011",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:011"
},
{
"name": "31326",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31326"
},
{
"name": "26638",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26638"
},
{
"name": "1019012",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1019012"
},
{
"name": "SUSE-SR:2008:001",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-6199",
"datePublished": "2007-12-01T01:00:00",
"dateReserved": "2007-11-30T00:00:00",
"dateUpdated": "2024-08-07T15:54:27.071Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-6200 (GCVE-0-2007-6200)
Vulnerability from nvd – Published: 2007-12-01 01:00 – Updated: 2024-08-07 15:54
VLAI?
Summary
Unspecified vulnerability in rsync before 3.0.0pre6, when running a writable rsync daemon, allows remote attackers to bypass exclude, exclude_from, and filter and read or write hidden files via (1) symlink, (2) partial-dir, (3) backup-dir, and unspecified (4) dest options.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:54:27.082Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "28412",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28412"
},
{
"name": "ADV-2007-4057",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/4057"
},
{
"name": "APPLE-SA-2008-07-31",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
},
{
"name": "RHSA-2011:0999",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0999.html"
},
{
"name": "26639",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26639"
},
{
"name": "ADV-2008-2268",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2268"
},
{
"name": "27853",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27853"
},
{
"name": "20080212 FLEA-2008-0004-1 rsync",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/487991/100/0/threaded"
},
{
"name": "27863",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27863"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://rsync.samba.org/security.html#s3_0_0"
},
{
"name": "28457",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28457"
},
{
"name": "MDVSA-2008:011",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:011"
},
{
"name": "31326",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31326"
},
{
"name": "1019012",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1019012"
},
{
"name": "SUSE-SR:2008:001",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-11-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in rsync before 3.0.0pre6, when running a writable rsync daemon, allows remote attackers to bypass exclude, exclude_from, and filter and read or write hidden files via (1) symlink, (2) partial-dir, (3) backup-dir, and unspecified (4) dest options."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "28412",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28412"
},
{
"name": "ADV-2007-4057",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/4057"
},
{
"name": "APPLE-SA-2008-07-31",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
},
{
"name": "RHSA-2011:0999",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0999.html"
},
{
"name": "26639",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26639"
},
{
"name": "ADV-2008-2268",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2268"
},
{
"name": "27853",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27853"
},
{
"name": "20080212 FLEA-2008-0004-1 rsync",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/487991/100/0/threaded"
},
{
"name": "27863",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27863"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://rsync.samba.org/security.html#s3_0_0"
},
{
"name": "28457",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28457"
},
{
"name": "MDVSA-2008:011",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:011"
},
{
"name": "31326",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31326"
},
{
"name": "1019012",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1019012"
},
{
"name": "SUSE-SR:2008:001",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6200",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in rsync before 3.0.0pre6, when running a writable rsync daemon, allows remote attackers to bypass exclude, exclude_from, and filter and read or write hidden files via (1) symlink, (2) partial-dir, (3) backup-dir, and unspecified (4) dest options."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "28412",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28412"
},
{
"name": "ADV-2007-4057",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/4057"
},
{
"name": "APPLE-SA-2008-07-31",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
},
{
"name": "RHSA-2011:0999",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0999.html"
},
{
"name": "26639",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26639"
},
{
"name": "ADV-2008-2268",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2268"
},
{
"name": "27853",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27853"
},
{
"name": "20080212 FLEA-2008-0004-1 rsync",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/487991/100/0/threaded"
},
{
"name": "27863",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27863"
},
{
"name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257",
"refsource": "CONFIRM",
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257"
},
{
"name": "http://rsync.samba.org/security.html#s3_0_0",
"refsource": "CONFIRM",
"url": "http://rsync.samba.org/security.html#s3_0_0"
},
{
"name": "28457",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28457"
},
{
"name": "MDVSA-2008:011",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:011"
},
{
"name": "31326",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31326"
},
{
"name": "1019012",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1019012"
},
{
"name": "SUSE-SR:2008:001",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-6200",
"datePublished": "2007-12-01T01:00:00",
"dateReserved": "2007-11-30T00:00:00",
"dateUpdated": "2024-08-07T15:54:27.082Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4091 (GCVE-0-2007-4091)
Vulnerability from nvd – Published: 2007-08-16 00:00 – Updated: 2024-08-07 14:46
VLAI?
Summary
Multiple off-by-one errors in the sender.c in rsync 2.6.9 might allow remote attackers to execute arbitrary code via directory names that are not properly handled when calling the f_name function.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:46:38.629Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "27896",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27896"
},
{
"name": "GLSA-200709-13",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200709-13.xml"
},
{
"name": "26822",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26822"
},
{
"name": "rsync-fname-bo(36072)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36072"
},
{
"name": "USN-500-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-500-1"
},
{
"name": "26493",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26493"
},
{
"name": "61039",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61039"
},
{
"name": "26634",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26634"
},
{
"name": "SUSE-SR:2007:017",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2007_17_sr.html"
},
{
"name": "26543",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26543"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.rpath.com/browse/RPL-1647"
},
{
"name": "20070823 FLEA-2007-0047-1 rsync",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/477628/100/0/threaded"
},
{
"name": "DSA-1360",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2007/dsa-1360"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://article.gmane.org/gmane.linux.debian.devel.bugs.general/291908"
},
{
"name": "SSA:2007-335-01",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE",
"x_transferred"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.481089"
},
{
"name": "2007-0026",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX",
"x_transferred"
],
"url": "http://www.trustix.org/errata/2007/0026/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://c-skills.blogspot.com/2007/08/cve-2007-4091.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15548.html"
},
{
"name": "25336",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25336"
},
{
"name": "26537",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26537"
},
{
"name": "ADV-2007-2915",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2915"
},
{
"name": "26518",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26518"
},
{
"name": "26548",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26548"
},
{
"name": "26911",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26911"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-08-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple off-by-one errors in the sender.c in rsync 2.6.9 might allow remote attackers to execute arbitrary code via directory names that are not properly handled when calling the f_name function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "27896",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27896"
},
{
"name": "GLSA-200709-13",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200709-13.xml"
},
{
"name": "26822",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26822"
},
{
"name": "rsync-fname-bo(36072)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36072"
},
{
"name": "USN-500-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-500-1"
},
{
"name": "26493",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26493"
},
{
"name": "61039",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61039"
},
{
"name": "26634",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26634"
},
{
"name": "SUSE-SR:2007:017",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2007_17_sr.html"
},
{
"name": "26543",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26543"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.rpath.com/browse/RPL-1647"
},
{
"name": "20070823 FLEA-2007-0047-1 rsync",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/477628/100/0/threaded"
},
{
"name": "DSA-1360",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2007/dsa-1360"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://article.gmane.org/gmane.linux.debian.devel.bugs.general/291908"
},
{
"name": "SSA:2007-335-01",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.481089"
},
{
"name": "2007-0026",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX"
],
"url": "http://www.trustix.org/errata/2007/0026/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://c-skills.blogspot.com/2007/08/cve-2007-4091.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15548.html"
},
{
"name": "25336",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25336"
},
{
"name": "26537",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26537"
},
{
"name": "ADV-2007-2915",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2915"
},
{
"name": "26518",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26518"
},
{
"name": "26548",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26548"
},
{
"name": "26911",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26911"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4091",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple off-by-one errors in the sender.c in rsync 2.6.9 might allow remote attackers to execute arbitrary code via directory names that are not properly handled when calling the f_name function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "27896",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27896"
},
{
"name": "GLSA-200709-13",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200709-13.xml"
},
{
"name": "26822",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26822"
},
{
"name": "rsync-fname-bo(36072)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36072"
},
{
"name": "USN-500-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-500-1"
},
{
"name": "26493",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26493"
},
{
"name": "61039",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61039"
},
{
"name": "26634",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26634"
},
{
"name": "SUSE-SR:2007:017",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_17_sr.html"
},
{
"name": "26543",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26543"
},
{
"name": "https://issues.rpath.com/browse/RPL-1647",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-1647"
},
{
"name": "20070823 FLEA-2007-0047-1 rsync",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/477628/100/0/threaded"
},
{
"name": "DSA-1360",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1360"
},
{
"name": "http://article.gmane.org/gmane.linux.debian.devel.bugs.general/291908",
"refsource": "CONFIRM",
"url": "http://article.gmane.org/gmane.linux.debian.devel.bugs.general/291908"
},
{
"name": "SSA:2007-335-01",
"refsource": "SLACKWARE",
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.481089"
},
{
"name": "2007-0026",
"refsource": "TRUSTIX",
"url": "http://www.trustix.org/errata/2007/0026/"
},
{
"name": "http://c-skills.blogspot.com/2007/08/cve-2007-4091.html",
"refsource": "CONFIRM",
"url": "http://c-skills.blogspot.com/2007/08/cve-2007-4091.html"
},
{
"name": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15548.html",
"refsource": "CONFIRM",
"url": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15548.html"
},
{
"name": "25336",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25336"
},
{
"name": "26537",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26537"
},
{
"name": "ADV-2007-2915",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2915"
},
{
"name": "26518",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26518"
},
{
"name": "26548",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26548"
},
{
"name": "26911",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26911"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4091",
"datePublished": "2007-08-16T00:00:00",
"dateReserved": "2007-07-30T00:00:00",
"dateUpdated": "2024-08-07T14:46:38.629Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
FKIE_CVE-2007-6199
Vulnerability from fkie_nvd - Published: 2007-12-01 06:46 - Updated: 2025-04-09 00:30
Severity ?
Summary
rsync before 3.0.0pre6, when running a writable rsync daemon that is not using chroot, allows remote attackers to access restricted files via unknown vectors that cause rsync to create a symlink that points outside of the module's hierarchy.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html | ||
| cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html | ||
| cve@mitre.org | http://rsync.samba.org/security.html#s3_0_0 | ||
| cve@mitre.org | http://secunia.com/advisories/27853 | ||
| cve@mitre.org | http://secunia.com/advisories/27863 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/28412 | ||
| cve@mitre.org | http://secunia.com/advisories/28457 | ||
| cve@mitre.org | http://secunia.com/advisories/31326 | ||
| cve@mitre.org | http://secunia.com/advisories/61005 | ||
| cve@mitre.org | http://securitytracker.com/id?1019012 | ||
| cve@mitre.org | http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15549.html | ||
| cve@mitre.org | http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257 | ||
| cve@mitre.org | http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:011 | ||
| cve@mitre.org | http://www.securityfocus.com/archive/1/487991/100/0/threaded | ||
| cve@mitre.org | http://www.securityfocus.com/bid/26638 | Patch | |
| cve@mitre.org | http://www.vupen.com/english/advisories/2007/4057 | ||
| cve@mitre.org | http://www.vupen.com/english/advisories/2008/2268 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://rsync.samba.org/security.html#s3_0_0 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27853 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27863 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/28412 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/28457 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/31326 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/61005 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1019012 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15549.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:011 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/487991/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/26638 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2007/4057 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/2268 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| slackware | slackware_linux | 8.1 | |
| slackware | slackware_linux | 9.0 | |
| slackware | slackware_linux | 9.1 | |
| slackware | slackware_linux | 10.0 | |
| slackware | slackware_linux | 10.1 | |
| slackware | slackware_linux | 10.2 | |
| slackware | slackware_linux | 11.0 | |
| slackware | slackware_linux | 12.0 | |
| rsync | rsync | 2.3.1 | |
| rsync | rsync | 2.3.2 | |
| rsync | rsync | 2.3.2_1.2alpha | |
| rsync | rsync | 2.3.2_1.2arm | |
| rsync | rsync | 2.3.2_1.2intel | |
| rsync | rsync | 2.3.2_1.2m68k | |
| rsync | rsync | 2.3.2_1.2ppc | |
| rsync | rsync | 2.3.2_1.2sparc | |
| rsync | rsync | 2.3.2_1.3 | |
| rsync | rsync | 2.4.0 | |
| rsync | rsync | 2.4.1 | |
| rsync | rsync | 2.4.3 | |
| rsync | rsync | 2.4.4 | |
| rsync | rsync | 2.4.5 | |
| rsync | rsync | 2.4.6 | |
| rsync | rsync | 2.4.8 | |
| rsync | rsync | 2.5.0 | |
| rsync | rsync | 2.5.1 | |
| rsync | rsync | 2.5.2 | |
| rsync | rsync | 2.5.3 | |
| rsync | rsync | 2.5.4 | |
| rsync | rsync | 2.5.5 | |
| rsync | rsync | 2.5.6 | |
| rsync | rsync | 2.5.7 | |
| rsync | rsync | 2.6 | |
| rsync | rsync | 2.6.1 | |
| rsync | rsync | 2.6.2 | |
| rsync | rsync | 2.6.5 | |
| rsync | rsync | 2.6.6 | |
| rsync | rsync | 2.6.7 | |
| rsync | rsync | 2.6.8 | |
| rsync | rsync | 2.6.9 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:slackware:slackware_linux:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "57F41B40-75E6-45C8-A5FB-8464C0B2D064",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:slackware:slackware_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "300A6A65-05FD-401C-80F6-B5F5B1F056E0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:slackware:slackware_linux:9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AA3D53C9-3806-45E6-8AE9-7D41280EF64C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:slackware:slackware_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D29C5A03-A7C9-4780-BB63-CF1E874D018D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:slackware:slackware_linux:10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B85EF0EE-3E61-4CA3-9F00-610AB2E1CFCF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:slackware:slackware_linux:10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "70440F49-AEE9-41BE-8E1A-43AB657C8E09",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:slackware:slackware_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "74022B69-6557-4746-9080-24E4DDA44026",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:slackware:slackware_linux:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2081CB54-130C-4A25-A2EE-42249DD6B3EB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rsync:rsync:2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "393F7E04-2288-45FE-8971-CC1BA036CA95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rsync:rsync:2.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "60BF457A-B318-475D-950A-9D873C0C667C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rsync:rsync:2.3.2_1.2alpha:*:*:*:*:*:*:*",
"matchCriteriaId": "8CB9C4CB-09D9-4258-846D-D43C0E8E0CEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rsync:rsync:2.3.2_1.2arm:*:*:*:*:*:*:*",
"matchCriteriaId": "52CA63EE-0911-44AE-9901-FE46FB659D06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rsync:rsync:2.3.2_1.2intel:*:*:*:*:*:*:*",
"matchCriteriaId": "AF678D2B-CD03-4A19-90B4-36448E55943E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rsync:rsync:2.3.2_1.2m68k:*:*:*:*:*:*:*",
"matchCriteriaId": "E454C988-08A3-4269-AC6A-2A975D288C56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rsync:rsync:2.3.2_1.2ppc:*:*:*:*:*:*:*",
"matchCriteriaId": "12BB68EF-28DF-4326-84A3-C215005FD3D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rsync:rsync:2.3.2_1.2sparc:*:*:*:*:*:*:*",
"matchCriteriaId": "41DC890B-3D3D-41DB-8380-5C290B708350",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rsync:rsync:2.3.2_1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3C0E3499-E90D-40C6-B85A-6CC2312532C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rsync:rsync:2.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C23042EA-1243-4786-8F76-CDB94E5B909B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rsync:rsync:2.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "31F7C3A4-88F3-454F-9046-CA169FF12106",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rsync:rsync:2.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "63756B36-3D03-4C2E-A1B6-AC45B045F94F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rsync:rsync:2.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BDF2B595-4AF1-471E-ADFD-FF8CB6F27EA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rsync:rsync:2.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FC820774-2B62-4B91-BC1A-EF6B81DD63C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rsync:rsync:2.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "4329E28A-F133-414B-98E5-F117C1B73711",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rsync:rsync:2.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "FE1E7733-4A97-4817-8192-BDAA539AD2F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rsync:rsync:2.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EEB2A38C-5971-4C38-A2A8-7B8FD44C3816",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rsync:rsync:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BCD479A6-7E13-41FB-B6D9-4CBA1459083B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rsync:rsync:2.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D08AA818-CEF0-4EA8-BF6B-90A4F512E88C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rsync:rsync:2.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2AE611E6-4959-4011-A57A-6774F28D58D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rsync:rsync:2.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7DEEFC01-69A5-4760-8052-FB8BA4B125F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rsync:rsync:2.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A19ACD7B-B36E-42D7-B311-69CD4EF047F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rsync:rsync:2.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1AA7F4E9-1ED4-4D2F-A0A2-F8D861AD108C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rsync:rsync:2.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "8D9A038C-C0B8-416D-B103-5E66963065EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rsync:rsync:2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "3C1BB055-0489-42F7-9FC7-99EDDA7026DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rsync:rsync:2.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "336FF990-61EE-4F6B-B4BC-D268DADD3D7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rsync:rsync:2.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "408FDC67-6862-4482-9DC4-E18AFFC3F7C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rsync:rsync:2.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "65282BE4-26FA-4E16-B1B1-1A4D82E7C6C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rsync:rsync:2.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "84537850-6D26-47D3-9888-810B8305BD3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rsync:rsync:2.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "8AD67864-2BED-42AD-985E-34058C07FEBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rsync:rsync:2.6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "382AFB02-339D-45BB-A60D-7C751F943762",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rsync:rsync:2.6.9:*:*:*:*:*:*:*",
"matchCriteriaId": "32A205AF-8E75-4AD8-BE0F-EC6A9296D127",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "rsync before 3.0.0pre6, when running a writable rsync daemon that is not using chroot, allows remote attackers to access restricted files via unknown vectors that cause rsync to create a symlink that points outside of the module\u0027s hierarchy."
},
{
"lang": "es",
"value": "rsync, en versiones anteriores a la 3.0.0pre6. Cuando se ejecuta un demonio rsync en modo lectura-escritura que no use chroot, se permite as\u00ed que atacantes remotos accedan a ficheros de acceso restringido, usando vectores desconocidos que provocan que rsync cree un enlace simb\u00f3lico que apunta fuera de la jerarqu\u00eda de ficheros del m\u00f3dulo."
}
],
"id": "CVE-2007-6199",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-12-01T06:46:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html"
},
{
"source": "cve@mitre.org",
"url": "http://rsync.samba.org/security.html#s3_0_0"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/27853"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27863"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/28412"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/28457"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/31326"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/61005"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1019012"
},
{
"source": "cve@mitre.org",
"url": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15549.html"
},
{
"source": "cve@mitre.org",
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:011"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/487991/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/26638"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/4057"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/2268"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rsync.samba.org/security.html#s3_0_0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/27853"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27863"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/28412"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/28457"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/31326"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/61005"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1019012"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15549.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:011"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/487991/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/26638"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/4057"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/2268"
}
],
"sourceIdentifier": "cve@mitre.org",
"vendorComments": [
{
"comment": "Red Hat does not consider this to be a security issue. Versions of rsync as shipped with Red Hat Enterprise Linux 2.1, 3, 4 and 5 behave as expected and that behavior was well documented.",
"lastModified": "2007-12-06T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-16"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2007-6200
Vulnerability from fkie_nvd - Published: 2007-12-01 06:46 - Updated: 2025-04-09 00:30
Severity ?
Summary
Unspecified vulnerability in rsync before 3.0.0pre6, when running a writable rsync daemon, allows remote attackers to bypass exclude, exclude_from, and filter and read or write hidden files via (1) symlink, (2) partial-dir, (3) backup-dir, and unspecified (4) dest options.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html | ||
| cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html | ||
| cve@mitre.org | http://rsync.samba.org/security.html#s3_0_0 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/27853 | ||
| cve@mitre.org | http://secunia.com/advisories/27863 | Patch, Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/28412 | ||
| cve@mitre.org | http://secunia.com/advisories/28457 | ||
| cve@mitre.org | http://secunia.com/advisories/31326 | ||
| cve@mitre.org | http://securitytracker.com/id?1019012 | ||
| cve@mitre.org | http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257 | ||
| cve@mitre.org | http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:011 | ||
| cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2011-0999.html | ||
| cve@mitre.org | http://www.securityfocus.com/archive/1/487991/100/0/threaded | ||
| cve@mitre.org | http://www.securityfocus.com/bid/26639 | ||
| cve@mitre.org | http://www.vupen.com/english/advisories/2007/4057 | ||
| cve@mitre.org | http://www.vupen.com/english/advisories/2008/2268 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://rsync.samba.org/security.html#s3_0_0 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27853 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27863 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/28412 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/28457 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/31326 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1019012 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:011 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2011-0999.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/487991/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/26639 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2007/4057 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/2268 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| slackware | slackware_linux | 8.1 | |
| slackware | slackware_linux | 9.0 | |
| slackware | slackware_linux | 9.1 | |
| slackware | slackware_linux | 10.0 | |
| slackware | slackware_linux | 10.1 | |
| slackware | slackware_linux | 10.2 | |
| slackware | slackware_linux | 11.0 | |
| slackware | slackware_linux | 12.0 | |
| rsync | rsync | 2.3.1 | |
| rsync | rsync | 2.3.2 | |
| rsync | rsync | 2.3.2_1.2alpha | |
| rsync | rsync | 2.3.2_1.2arm | |
| rsync | rsync | 2.3.2_1.2intel | |
| rsync | rsync | 2.3.2_1.2m68k | |
| rsync | rsync | 2.3.2_1.2ppc | |
| rsync | rsync | 2.3.2_1.2sparc | |
| rsync | rsync | 2.3.2_1.3 | |
| rsync | rsync | 2.4.0 | |
| rsync | rsync | 2.4.1 | |
| rsync | rsync | 2.4.3 | |
| rsync | rsync | 2.4.4 | |
| rsync | rsync | 2.4.5 | |
| rsync | rsync | 2.4.6 | |
| rsync | rsync | 2.4.8 | |
| rsync | rsync | 2.5.0 | |
| rsync | rsync | 2.5.1 | |
| rsync | rsync | 2.5.2 | |
| rsync | rsync | 2.5.3 | |
| rsync | rsync | 2.5.4 | |
| rsync | rsync | 2.5.5 | |
| rsync | rsync | 2.5.6 | |
| rsync | rsync | 2.5.7 | |
| rsync | rsync | 2.6 | |
| rsync | rsync | 2.6.1 | |
| rsync | rsync | 2.6.2 | |
| rsync | rsync | 2.6.5 | |
| rsync | rsync | 2.6.6 | |
| rsync | rsync | 2.6.7 | |
| rsync | rsync | 2.6.8 | |
| rsync | rsync | 2.6.9 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:slackware:slackware_linux:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "57F41B40-75E6-45C8-A5FB-8464C0B2D064",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:slackware:slackware_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "300A6A65-05FD-401C-80F6-B5F5B1F056E0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:slackware:slackware_linux:9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AA3D53C9-3806-45E6-8AE9-7D41280EF64C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:slackware:slackware_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D29C5A03-A7C9-4780-BB63-CF1E874D018D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:slackware:slackware_linux:10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B85EF0EE-3E61-4CA3-9F00-610AB2E1CFCF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:slackware:slackware_linux:10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "70440F49-AEE9-41BE-8E1A-43AB657C8E09",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:slackware:slackware_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "74022B69-6557-4746-9080-24E4DDA44026",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:slackware:slackware_linux:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2081CB54-130C-4A25-A2EE-42249DD6B3EB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rsync:rsync:2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "393F7E04-2288-45FE-8971-CC1BA036CA95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rsync:rsync:2.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "60BF457A-B318-475D-950A-9D873C0C667C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rsync:rsync:2.3.2_1.2alpha:*:*:*:*:*:*:*",
"matchCriteriaId": "8CB9C4CB-09D9-4258-846D-D43C0E8E0CEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rsync:rsync:2.3.2_1.2arm:*:*:*:*:*:*:*",
"matchCriteriaId": "52CA63EE-0911-44AE-9901-FE46FB659D06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rsync:rsync:2.3.2_1.2intel:*:*:*:*:*:*:*",
"matchCriteriaId": "AF678D2B-CD03-4A19-90B4-36448E55943E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rsync:rsync:2.3.2_1.2m68k:*:*:*:*:*:*:*",
"matchCriteriaId": "E454C988-08A3-4269-AC6A-2A975D288C56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rsync:rsync:2.3.2_1.2ppc:*:*:*:*:*:*:*",
"matchCriteriaId": "12BB68EF-28DF-4326-84A3-C215005FD3D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rsync:rsync:2.3.2_1.2sparc:*:*:*:*:*:*:*",
"matchCriteriaId": "41DC890B-3D3D-41DB-8380-5C290B708350",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rsync:rsync:2.3.2_1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3C0E3499-E90D-40C6-B85A-6CC2312532C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rsync:rsync:2.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C23042EA-1243-4786-8F76-CDB94E5B909B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rsync:rsync:2.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "31F7C3A4-88F3-454F-9046-CA169FF12106",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rsync:rsync:2.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "63756B36-3D03-4C2E-A1B6-AC45B045F94F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rsync:rsync:2.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BDF2B595-4AF1-471E-ADFD-FF8CB6F27EA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rsync:rsync:2.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FC820774-2B62-4B91-BC1A-EF6B81DD63C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rsync:rsync:2.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "4329E28A-F133-414B-98E5-F117C1B73711",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rsync:rsync:2.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "FE1E7733-4A97-4817-8192-BDAA539AD2F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rsync:rsync:2.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EEB2A38C-5971-4C38-A2A8-7B8FD44C3816",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rsync:rsync:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BCD479A6-7E13-41FB-B6D9-4CBA1459083B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rsync:rsync:2.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D08AA818-CEF0-4EA8-BF6B-90A4F512E88C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rsync:rsync:2.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2AE611E6-4959-4011-A57A-6774F28D58D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rsync:rsync:2.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7DEEFC01-69A5-4760-8052-FB8BA4B125F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rsync:rsync:2.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A19ACD7B-B36E-42D7-B311-69CD4EF047F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rsync:rsync:2.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1AA7F4E9-1ED4-4D2F-A0A2-F8D861AD108C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rsync:rsync:2.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "8D9A038C-C0B8-416D-B103-5E66963065EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rsync:rsync:2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "3C1BB055-0489-42F7-9FC7-99EDDA7026DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rsync:rsync:2.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "336FF990-61EE-4F6B-B4BC-D268DADD3D7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rsync:rsync:2.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "408FDC67-6862-4482-9DC4-E18AFFC3F7C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rsync:rsync:2.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "65282BE4-26FA-4E16-B1B1-1A4D82E7C6C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rsync:rsync:2.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "84537850-6D26-47D3-9888-810B8305BD3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rsync:rsync:2.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "8AD67864-2BED-42AD-985E-34058C07FEBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rsync:rsync:2.6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "382AFB02-339D-45BB-A60D-7C751F943762",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rsync:rsync:2.6.9:*:*:*:*:*:*:*",
"matchCriteriaId": "32A205AF-8E75-4AD8-BE0F-EC6A9296D127",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in rsync before 3.0.0pre6, when running a writable rsync daemon, allows remote attackers to bypass exclude, exclude_from, and filter and read or write hidden files via (1) symlink, (2) partial-dir, (3) backup-dir, and unspecified (4) dest options."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en rsync, en versiones anteriores a la 3.0.0pre6, cuando se ejecuta un demonio rsync en modo lectura-escritura. Permite que atacantes remotos vulneren exclude, exclude_from, y filter, adem\u00e1s de poder leer y escribir archivos ocultos usando: (1) symlink, (2) partial-dir, (3) backup-dir, y (4) opciones dest sin especificar."
}
],
"id": "CVE-2007-6200",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-12-01T06:46:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://rsync.samba.org/security.html#s3_0_0"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/27853"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27863"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/28412"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/28457"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/31326"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1019012"
},
{
"source": "cve@mitre.org",
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:011"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0999.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/487991/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/26639"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/4057"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/2268"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://rsync.samba.org/security.html#s3_0_0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/27853"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27863"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/28412"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/28457"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/31326"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1019012"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0257"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:011"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0999.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/487991/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/26639"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/4057"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/2268"
}
],
"sourceIdentifier": "cve@mitre.org",
"vendorComments": [
{
"comment": "Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-6200\n\nThe Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw.",
"lastModified": "2007-12-06T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2007-4091
Vulnerability from fkie_nvd - Published: 2007-08-16 00:17 - Updated: 2025-04-09 00:30
Severity ?
Summary
Multiple off-by-one errors in the sender.c in rsync 2.6.9 might allow remote attackers to execute arbitrary code via directory names that are not properly handled when calling the f_name function.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | http://article.gmane.org/gmane.linux.debian.devel.bugs.general/291908 | ||
| cve@mitre.org | http://c-skills.blogspot.com/2007/08/cve-2007-4091.html | ||
| cve@mitre.org | http://secunia.com/advisories/26493 | ||
| cve@mitre.org | http://secunia.com/advisories/26518 | ||
| cve@mitre.org | http://secunia.com/advisories/26537 | ||
| cve@mitre.org | http://secunia.com/advisories/26543 | ||
| cve@mitre.org | http://secunia.com/advisories/26548 | ||
| cve@mitre.org | http://secunia.com/advisories/26634 | ||
| cve@mitre.org | http://secunia.com/advisories/26822 | ||
| cve@mitre.org | http://secunia.com/advisories/26911 | ||
| cve@mitre.org | http://secunia.com/advisories/27896 | ||
| cve@mitre.org | http://secunia.com/advisories/61039 | ||
| cve@mitre.org | http://security.gentoo.org/glsa/glsa-200709-13.xml | ||
| cve@mitre.org | http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.481089 | ||
| cve@mitre.org | http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15548.html | ||
| cve@mitre.org | http://www.debian.org/security/2007/dsa-1360 | ||
| cve@mitre.org | http://www.novell.com/linux/security/advisories/2007_17_sr.html | ||
| cve@mitre.org | http://www.securityfocus.com/archive/1/477628/100/0/threaded | ||
| cve@mitre.org | http://www.securityfocus.com/bid/25336 | ||
| cve@mitre.org | http://www.trustix.org/errata/2007/0026/ | ||
| cve@mitre.org | http://www.ubuntu.com/usn/usn-500-1 | ||
| cve@mitre.org | http://www.vupen.com/english/advisories/2007/2915 | ||
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/36072 | ||
| cve@mitre.org | https://issues.rpath.com/browse/RPL-1647 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://article.gmane.org/gmane.linux.debian.devel.bugs.general/291908 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://c-skills.blogspot.com/2007/08/cve-2007-4091.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/26493 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/26518 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/26537 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/26543 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/26548 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/26634 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/26822 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/26911 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27896 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/61039 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200709-13.xml | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.481089 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15548.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2007/dsa-1360 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.novell.com/linux/security/advisories/2007_17_sr.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/477628/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/25336 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.trustix.org/errata/2007/0026/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/usn-500-1 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2007/2915 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/36072 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://issues.rpath.com/browse/RPL-1647 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rsync:rsync:2.6.9:*:*:*:*:*:*:*",
"matchCriteriaId": "32A205AF-8E75-4AD8-BE0F-EC6A9296D127",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple off-by-one errors in the sender.c in rsync 2.6.9 might allow remote attackers to execute arbitrary code via directory names that are not properly handled when calling the f_name function."
},
{
"lang": "es",
"value": "M\u00faltiples errores de superaci\u00f3n de l\u00edmite (off-by-one) en sender.c de rsync 2.6.9 podr\u00eda permitir a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante nombres de directorio que no son manejados adecuadamente al llamar a la funci\u00f3n f_name."
}
],
"id": "CVE-2007-4091",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-08-16T00:17:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://article.gmane.org/gmane.linux.debian.devel.bugs.general/291908"
},
{
"source": "cve@mitre.org",
"url": "http://c-skills.blogspot.com/2007/08/cve-2007-4091.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/26493"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/26518"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/26537"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/26543"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/26548"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/26634"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/26822"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/26911"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/27896"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/61039"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-200709-13.xml"
},
{
"source": "cve@mitre.org",
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.481089"
},
{
"source": "cve@mitre.org",
"url": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15548.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2007/dsa-1360"
},
{
"source": "cve@mitre.org",
"url": "http://www.novell.com/linux/security/advisories/2007_17_sr.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/477628/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/25336"
},
{
"source": "cve@mitre.org",
"url": "http://www.trustix.org/errata/2007/0026/"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/usn-500-1"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/2915"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36072"
},
{
"source": "cve@mitre.org",
"url": "https://issues.rpath.com/browse/RPL-1647"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://article.gmane.org/gmane.linux.debian.devel.bugs.general/291908"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://c-skills.blogspot.com/2007/08/cve-2007-4091.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/26493"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/26518"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/26537"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/26543"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/26548"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/26634"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/26822"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/26911"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/27896"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/61039"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200709-13.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.481089"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15548.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2007/dsa-1360"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2007_17_sr.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/477628/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/25336"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.trustix.org/errata/2007/0026/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/usn-500-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/2915"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36072"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://issues.rpath.com/browse/RPL-1647"
}
],
"sourceIdentifier": "cve@mitre.org",
"vendorComments": [
{
"comment": "Not vulnerable. This flaw did not affect Red Hat Enterprise Linux 2.1, 3, or 4 due to the version of rsync.\n\nThis flaw does exist in Red Hat Enterprise Linux 5, but due to the nature of the flaw it is not exploitable with any security consequence due to stack-protector.",
"lastModified": "2007-08-22T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}